USN-2675-1: LXC vulnerabilities

Publication date

22 July 2015

Overview

Several security issues were fixed in LXC.


Packages

  • lxc - Linux Containers userspace tools

Details

Roman Fiedler discovered that LXC had a directory traversal flaw when creating
lock files. A local attacker could exploit this flaw to create an arbitrary
file as the root user. (CVE-2015-1331)

Roman Fiedler discovered that LXC incorrectly trusted the container’s proc
filesystem to set up AppArmor profile changes and SELinux domain transitions. A
local attacker could exploit this flaw to run programs inside the container
that are not confined by AppArmor or SELinux. (CVE-2015-1334)

Roman Fiedler discovered that LXC had a directory traversal flaw when creating
lock files. A local attacker could exploit this flaw to create an arbitrary
file as the root user. (CVE-2015-1331)

Roman Fiedler discovered that LXC incorrectly trusted the container’s proc
filesystem to set up AppArmor profile changes and SELinux domain transitions. A
local attacker could exploit this flaw to run programs inside the container
that are not confined by AppArmor or SELinux. (CVE-2015-1334)

Update instructions

In general, a standard system update will make all the necessary changes. You will need to restart your previously running LXC containers in Ubuntu 15.04 due to bug that causes containers to be stopped on during lxc package installation (https://launchpad.net/bugs/1476691).

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
15.04 vivid liblxc1 –  1.1.2-0ubuntu3.1
lxc –  1.1.2-0ubuntu3.1
14.10 utopic liblxc1 –  1.1.0~alpha2-0ubuntu3.3
lxc –  1.1.0~alpha2-0ubuntu3.3
14.04 trusty liblxc1 –  1.0.7-0ubuntu0.2
lxc –  1.0.7-0ubuntu0.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›